CVE-2020-25695

Public on 2020-11-16

Modified on 2021-07-12

Description

A flaw was found in postgresql. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Severity

Important

See what this means

CVSS v3 Base Score

8.8

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 2 - Core	postgresql	2021-06-16 20:37	ALAS2-2021-1665
Amazon Linux 1	postgresql92	2021-07-08 18:38	ALAS-2021-1519
Amazon Linux 1	postgresql95	2021-01-12 22:52	ALAS-2021-1476
Amazon Linux 1	postgresql96	2021-01-12 22:52	ALAS-2021-1476

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
NVD	CVSSv2	6.5	AV:N/AC:L/Au:S/C:P/I:P/A:P
NVD	CVSSv3	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

Red Hat: CVE-2020-25695 Mitre: CVE-2020-25695 FAQs regarding Amazon Linux ALAS/CVE Severity